General Info

File name

securedoc_20190807T183300.html

Full analysis
https://app.any.run/tasks/56b670da-20a8-4f37-bf34-5329d7648d54
Verdict
Malicious activity
Analysis date
8/13/2019, 22:43:17
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
MD5

b80d06f69667d2afeac702b839775cb3

SHA1

57cc67a5449444e04d21a8b48a98246461950aae

SHA256

dc837d6e23ed45c4fefe49e6105f6be9ff0bc7d33c9d4c0432c04238d9bc29e9

SSDEEP

6144:1/LQIGznxW/xFKMjyQMctiqBEOX1KTs8wnMYIcaeJpqYpyMav5ocyA6EtFPgHklv:1/LQIGzYJti6T4TofJhpnuhiklrxMe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the user directory
  • jp2launcher.exe (PID: 2628)
Executes JAVA applets
  • iexplore.exe (PID: 2344)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2344)
Reads settings of System Certificates
  • iexplore.exe (PID: 2344)
Reads internet explorer settings
  • iexplore.exe (PID: 2344)
Changes internet zones settings
  • iexplore.exe (PID: 3416)

Static information

TRiD
.html
|   HyperText Markup Language (100%)

Processes

Total processes
45
Monitored processes
10
Malicious processes
2
Suspicious processes
0

Behavior graph

[Behavior graph nodes, in order: iexplore.exe; iexplore.exe; javaw.exe (no specs) ×3; jp2launcher.exe (no specs); jp2launcher.exe; javaw.exe (no specs) ×3]

Process information

PID
3416
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\securedoc_20190807T183300.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe

PID
2344
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3416 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\program files\java\jre1.8.0_92\bin\jp2iexp.dll
c:\windows\system32\duser.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\winmm.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\program files\microsoft office\office14\winword.exe
c:\program files\java\jre1.8.0_92\bin\jp2native.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\windows\system32\msimg32.dll

PID
3532
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3564
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1565729023"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2128
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
3148
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -plugin -jre "C:\Program Files\Java\jre1.8.0_92" -vma LURfX2p2bV9sYXVuY2hlZD0zNjA5Mjg1ODA4AC1EX19hcHBsZXRfbGF1bmNoZWQ9MzYwOTI3MDg3MgAtRHN1bi5hd3Qud2FybXVwPXRydWUALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIA -ma cmVhZF9waXBlX25hbWU9anBpMl9waWQyMzQ0X3BpcGUyLHdyaXRlX3BpcGVfbmFtZT1qcGkyX3BpZDIzNDRfcGlwZTMA
Path
C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Web Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll

PID
2628
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe" -secure -plugin -jre "C:\Program Files\Java\jre1.8.0_92" -vma LURfX2p2bV9sYXVuY2hlZD0zNjA5Mjg1ODA4AC1EX19hcHBsZXRfbGF1bmNoZWQ9MzYwOTI3MDg3MgAtRHN1bi5hd3Qud2FybXVwPXRydWUALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIA -ma cmVhZF9waXBlX25hbWU9anBpMl9waWQyMzQ0X3BpcGUyLHdyaXRlX3BpcGVfbmFtZT1qcGkyX3BpZDIzNDRfcGlwZTMA
Path
C:\Program Files\Java\jre1.8.0_92\bin\jp2launcher.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Oracle Corporation
Description
Java(TM) Web Launcher
Version
11.92.2.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\jp2launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\program files\java\jre1.8.0_92\bin\jli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\vga.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll
c:\program files\java\jre1.8.0_92\bin\jp2native.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\program files\java\jre1.8.0_92\bin\fontmanager.dll
c:\windows\system32\clbcatq.dll
c:\program files\java\jre1.8.0_92\bin\sunec.dll
c:\program files\java\jre1.8.0_92\bin\sunmscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll

PID
2620
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.11.92.2" "later"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2704
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.timestamp.11.92.2" "1565729045"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

PID
2948
CMD
"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -cp "C:\PROGRA~1\Java\JRE18~1.0_9\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -userConfig "deployment.expiration.decision.suppression.11.92.2" "false"
Path
C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Oracle Corporation
Description
Java(TM) Platform SE binary
Version
8.0.920.14
Modules
Image
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\client\jvm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\program files\java\jre1.8.0_92\bin\verify.dll
c:\program files\java\jre1.8.0_92\bin\java.dll
c:\program files\java\jre1.8.0_92\bin\zip.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\program files\java\jre1.8.0_92\bin\awt.dll
c:\windows\system32\oleaut32.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\java\jre1.8.0_92\bin\net.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\program files\java\jre1.8.0_92\bin\nio.dll

Registry activity

Total events
593
Read events
428
Write events
149
Delete events
16

Modification events

PID
Process
Operation
Key
Name
Value
3416
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{033DF7C5-BE0B-11E9-9885-5254004A04AF}
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307080002000D0014002B0021003F02
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307080002000D0014002B0021003F02
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307080002000D0014002B002100CC02
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307080002000D0014002B002100EB02
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
77
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307080002000D0014002B002100D603
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
27
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Type
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Flags
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Count
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Time
E307080002000D0014002B002B000B03
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
84312ECC1752D501
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Count
2
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore
Time
E307080002000D0014002C0006000102
2344
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2344
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
2344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814
2344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CachePrefix
:2019081320190814:
2344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheLimit
8192
2344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheOptions
11
2344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019081320190814
CacheRepair
0
3532
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3532
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
3564
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
3564
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1565729023
2128
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2128
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false
2628
jp2launcher.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
jp2launcher.exe
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457890299
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.4.2
1.4.2_99
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.5.0
1.5.0_99
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.6.0
1.6.0_221
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.7.0
1.7.0_231
2628
jp2launcher.exe
write
HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\Security Baseline
1.8.0
1.8.0_221
2620
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1565729025279
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2620
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.11.92.2
later
2704
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1565729025279
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2704
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.timestamp.11.92.2
1565729045
2948
javaw.exe
delete key
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1565729025279
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe
2948
javaw.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expiration.decision.suppression.11.92.2
false

Files activity

Executable files
0
Suspicious files
7
Text files
14
Unknown types
7

Dropped files

PID
Process
Filename
Type
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: 66206479a64cd2e902dcce7c1d3c6380
SHA256: cc04ca13b6e1e7968e126ac49152c4ca2d2ef5c8092a0bc68baa6de3d5eaf125
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: a11425b0f4a9a581f53238c7b54d53ec
SHA256: 8108d3bfc25d71bd8a44ecfadecc4d8c6733dda0c2f40d49cfdf9e4e335adb91
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
text
MD5: d54441f027147f5d3a03180a2751ba68
SHA256: 1cb53d7ea108ede8b20e562bfa959842f264279950bd5fbc4c3709da9a618590
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\blacklist.dynamic
text
MD5: b2c6eae6382150192ea3912393747180
SHA256: 6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\baseline.versions
text
MD5: 3f77e72958f0104f0b71084370efea9e
SHA256: 5b8dcd24043bdef4935d8238b6f2e330b17285e8be964132902d36c860a3fdec
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar
compressed
MD5: 748f16cd8efa30be73ccc495044bfb1a
SHA256: 4f199748f724e1206d45f8cfee8460a059989af7ccbcff01bd55290126c6a3fc
2628
jp2launcher.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\83aa4cc77f591dfc2374580bbd95f6ba_90059c37-1320-41a4-b58d-2b75a9850d2f
dbf
MD5: c8366ae350e7019aefc9d1e6e6a498c6
SHA256: 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\ad52969-b8f0dc575eed08e90b73e1a9c690c0a50782e0212e202982a70f80d9a41d22e9-6.0.lap
text
MD5: b0f5c0c33a1d9fd2d1e1002110a3d0d6
SHA256: f716bd97f51d5eeed78e5bbaca90a83fb3b4500a86bc25fba7e3a48f830ceadb
3416
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
3416
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
3416
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\ad52969-b8f0dc575eed08e90b73e1a9c690c0a50782e0212e202982a70f80d9a41d22e9-6.0.lap
text
MD5: 27dd0b32e7c0cde008643f9ba51c2185
SHA256: 49cd025da21ad2f920e2aee048a994415c9a6d949043f132b7fcf936a75cfc69
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
text
MD5: dcb017283b0d07943794d5ce47e98e69
SHA256: 43d7c248ab47f2b2e4a76763af0b9c7da1978c647dd0169ff8e5edce9db08608
2628
jp2launcher.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: 992a5fff9162cf290133c36760f95440
SHA256: 441b8fc7adabd730f4a01ceca04bfa0f90cdb16753c62602a8c047d452400977
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
text
MD5: e4de3476fac35d81fa4e1566e31d47fb
SHA256: a127c97d0f2c50c0d06faffeb78fb1ab1b69584826e5a66ab3bed4fafc5eca58
3416
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: 57966b753883916cf374c226c061edfe
SHA256: 6038f3afffc149b8042e19a7f10b5485c527b63b3d1bccad85ae95728232a90e
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019081320190814\index.dat
dat
MD5: ad0edcd880893b5d44bfb7c49e44cebe
SHA256: 87eb592ce9beb1f6433924f128e94bae1f9e8f9ffabaa23b48b0ed09d794d87a
2628
jp2launcher.exe
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\security\update.securitypack.timestamp
binary
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
2344
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: dd95e7b80f7c56d4728bf824643792db
SHA256: ee6a3773a7ac0a4aea8ae4fef352fa83665ee189d729193653d89f3a6ed72e78
2344
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 58a3badc25e15583224e2b922f370a4f
SHA256: 7e0630e9c468031329cad1a21bfb37c12153bda0f4d6298ee1b8682dd0c35f8a
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarEFFC.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabEFFB.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarEF6D.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabEF6C.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarEF5B.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabEF5A.tmp
––
MD5:  ––
SHA256:  ––
2344
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8156185507A8E41FBCA1AE02BEF08EF2
binary
MD5: df876448f75b0449d6140234fdfca4db
SHA256: 2e853881c2cb5f7f83fe155285ef4c4b5a557f29db1334175126b3504998d333
2344
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8156185507A8E41FBCA1AE02BEF08EF2
der
MD5: 5e397bddf8baec82e9ac62ba0c54002b
SHA256: 85a0dd7dd720adb7ff05f83d542b209dc7ff4528f7d677b18389fea5e5c49e86
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
smt
MD5: 60272cba5ad84466b761ccb17bc51037
SHA256: ed2a144c57ac894562da29c3ed8df7a741f5a07e4c053cd366417c3574ec4cae
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9R9AQZNV\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9FUER7XE\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ER7LTOI6\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U9EF3ROW\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2344
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 9633e92144e9de0dee65ed9075943d3f
SHA256: 9d7d5ed4f4da2ff8320f429ab85e3e1443119fc55ce5d6f472418703a6508109

Network activity

HTTP(S) requests
7
TCP/UDP connections
10
DNS requests
8
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2344 iexplore.exe GET 200 52.219.72.174:80 http://trust.quovadisglobal.com/qvrca2.crt DE der shared
2344 iexplore.exe GET 200 13.107.4.50:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
3416 iexplore.exe GET 200 13.107.21.200:80 http://www.bing.com/favicon.ico US image whitelisted
2628 jp2launcher.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
2628 jp2launcher.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
2628 jp2launcher.exe POST 200 23.37.43.27:80 http://s2.symcb.com/ NL binary der whitelisted
2628 jp2launcher.exe POST 200 23.37.43.27:80 http://sv.symcd.com/ NL binary der whitelisted

Connections

PID Process IP ASN CN Reputation
2344 iexplore.exe 184.94.241.74:443 Cisco Systems Ironport Division US unknown
3416 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2344 iexplore.exe 52.219.72.174:80 Amazon.com, Inc. DE unknown
2344 iexplore.exe 13.107.4.50:80 Microsoft Corporation US whitelisted
3416 iexplore.exe 13.107.21.200:80 Microsoft Corporation US whitelisted
2628 jp2launcher.exe 2.19.41.212:443 Akamai International B.V. –– unknown
2628 jp2launcher.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2628 jp2launcher.exe 23.37.43.27:80 Akamai Technologies, Inc. NL whitelisted

DNS requests

Domain IP Reputation
res.cisco.com 184.94.241.74 whitelisted
www.bing.com 204.79.197.200 13.107.21.200 whitelisted
trust.quovadisglobal.com 52.219.72.174 shared
www.download.windowsupdate.com 13.107.4.50 whitelisted
javadl-esd-secure.oracle.com 2.19.41.212 whitelisted
ocsp.digicert.com 93.184.220.29 whitelisted
s2.symcb.com 23.37.43.27 whitelisted
sv.symcd.com 23.37.43.27 whitelisted

Threats

PID Process Class Message
2628 jp2launcher.exe Potentially Bad Traffic ET POLICY Vulnerable Java Version 1.8.x Detected
2628 jp2launcher.exe Potentially Bad Traffic ET POLICY Vulnerable Java Version 1.8.x Detected

Debug output strings

No debug info.